May 22, 2020

COVID-19 and Cybersecurity

It was just four months ago that the World Health Organization (WHO) announced the spread of the COVID-19 virus as a global emergency. After the coronavirus had reached pandemic levels and many international governments initiated stay-at-home orders for residents, a large number of workers had to conduct their jobs remotely. And though parts of the world are now reopening, workers are returning to a “new office normal,” and industries are still experiencing an unprecedented surge in cloud-based services and remote communication tools.

While this has helped many businesses keep their doors open, our need for speedy connections and securing an entirely remote workforce has increased our exposure to threats and failures.

The Growing Pains of Connection

In March, Microsoft reported 44 million daily users on Teams generating over 900 million meetings and conferences in a single 24-hour period, and Windows Virtual Desktop use increased 300 percent.

While many corporations struggled to stay solvent, cloud provider Google Cloud Platform, which includes G Suite, grew 52 percent—an increase to $2.770 billion, up from $1.825 billion the prior year. Despite the financial impact of COVID-19, Amazon Web Services (AWS) saw similar growth in the first quarter and was up 33 percent. These growth levels reveal that the technology most essential to how we proceed as a society relies on cloud-based, distributed computing.

In terms of staying connected, video conferencing has become a primary, if not sole, engagement model. ZOOM now hosts 300 million meeting participants a day on Oracle Cloud Infrastructure.

With the excitement and rapid adoption of cloud technologies comes a variety of security challenges. Many organizations may have been caught off guard by such rapid and forced digital transformation, and they are scrambling to implement processes, policies, and privileges. Teams that typically mapped one- to three-year plans have been forced into overnight deployments.

Such speed increases risk for misconfigurations and accidental lapses in deployment. Accidental threats make up an estimated 24 percent of data breaches, according to research by Ponemon. Another 25 percent can be traced to IT and business process failures.

Cybercriminals Love ChaosAs most of the world comes together to address the health and economic impacts of the COVID-19 pandemic, others are taking advantage of the chaos. Malware-infected websites, digital black markets, and targeted phishing campaigns have used the coronavirus pandemic to increase cybercriminal activity.

FBI Deputy Assistant Director Tonya Ugoretz recently said the agency’s Internet Crime Complaint Center (IC3) “used to see 1,000 complaints a day through their internet portal; they’re now receiving something like 3,000 to 4,000 complaints a day.”

Remote Desktop Protocol Is an Old Patchwork

One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol—RDP, or Remote Desktop Protocol. Introduced in 1998, it is “mature” and complex with dozens of underlying protocols, optional features, and disparate implementations. As one of the most popular platforms in the world, it is a key target for malicious actors and one vulnerable to accidental risks.

Microsoft offers weekly communications on fixing vulnerabilities, Microsoft Patch Tuesday. In April, they reported patches to over 113 vulnerabilities, including a zero-day for Adobe Font Manager and a more alarming zero-day for Windows 7 and Windows 10 involving an “elevation of privilege” bug.

Impact on Cybersecurity Planning

With an exponentially larger attack surface and the global economy in a virtual standstill, cybercriminals are more likely motivated to increase malicious activity.

In an April survey of 150 security leaders, 26 percent said they had seen an increase in the number and severity of attacks on networks. More eye-opening is the fact that an overwhelming majority said they expect the impact of the pandemic will alter the way they view risk for the next five years.

Still, as Armor Chief Security Office Chris Stouff noted, “Almost half of the threats to an organization will come from traditional business process failures or mistakes in cloud configurations—even accidents—not from malicious criminal attacks.”

One of the more unfortunate outcomes of the COVID-19 crisis might be our collective loss of knowing when to be appropriately alarmed. In the U.S., unprecedented events coupled with broad disinformation and an outpouring of data have made it more difficult to define risk. But organizations should know that the mass migration to cloud technologies, combined with an economically motivated and technologically advanced adversary, comes with remarkable risk.

But beyond the chaos, cloud security providers have stepped up their efforts to reduce the increased pressure companies are under to protect the data in their clouds, as well as enable remote workers to safely and securely carry on with as much “business-as-normal” operations as they can.

Armor’s solution, Armor Anywhere, detects the threats that could infiltrate your cloud environment, with an available secure hosting option with infrastructure fully managed and provided by Armor.

Resource Center

More security resources at your fingertips.

Armor is a global cybersecurity software company. We simplify protecting data and applications in private, public, or hybrid clouds as well as help organizations comply with major regulatory frameworks and controls. We know security is complex; it doesn’t have to feel that way.